United Kingdom Regulations

Please note: Data privacy laws in the European Union have a very strong emphasis on protecting the individual’s right to know what personally identifiable data is being collected, who is collecting the data, and for what purposes. Furthermore, such laws protect the individual’s right to refuse collection, dissemination, or analysis of their personal data. Organizations that collect personally identifiable data have an obligation to confirm exactly what data is considered protected, what consent they need to obtain from data subjects, and what safeguards they should employ to protect that data from unauthorized uses.

See how the WhatsUp Gold family of solutions can mitigate risk and protect your organization’s use and handling of personal data

First drafted in 1984 and updated in 1998, the Data Protection Act (DPA) 1998 was established by the United Kingdom (UK) Parliament to protect the ways in which information about living people can be processed and handled. In particular, the act aims to limit the abuse of individuals’ personal data.

See how the WhatsUp Gold family can help you mitigate risk, protect privacy and access to protected personal information, and prove compliance with UK Data Protection Act 1998 regulations:

Data Protection Act 1998 Requirement | How WhatsUp Log Management Addresses DPA 1998 Requirement

(7) Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

The WhatsUp Log Management Suite provides a wealth of information security measures including:

  • Real-time monitoring and detection of suspicious events and messages to mitigate risk of unauthorized use of and security threats to personal data
  • Protection of archived log data via cryptographic hashing / FIPS 140-2 encryption & validation to maintain personal data integrity
  • In-depth forensic analysis to pinpoint where security policies went wrong in the aftermath of a security event

Requirements | Recommended WhatsUp Log Management Report

Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

  • Account Management – Success/Failure
  • Directory Service Access – Success/Failure
  • System Events – Success/Failure
  • Object Access Attempts – Success/Failure
  • Object Deletions
  • Group Management
  • Password Reset Attempts by Users
  • Password Reset Attempts by Administrators or Account Operators
  • Computer Account Management
  • Directory Service Access Attempts
  • Logon Failures – Active Directory
  • Logon Failures – Local Logons

See how the WhatsUp Gold family can assist public companies in the UK with protection of corporate assets through a sound "risk management and internal control" system

The Corporate Governance Code sets best practices in relation to good board leadership and effectiveness, accountability, relationships with shareholders, etc. Listed companies are required to report on how they have complied with the code, and explain where they have fallen short.

Similar to Sarbanes-Oxley in the United States, Section C.2 of the Corporate Governance Code establishes the need for a "sound risk management and internal control" system.

See how the WhatsUp Gold family of solutions can help you comply with UK Corporate Governance Code Section C.2:

UK Corporate Governance Code Requirement | How Our Solutions Address Corporate Governance Code Requirement

C.2 Risk Management and Internal Control
The board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives. The board should maintain sound risk management and internal control systems.

WhatsUp Log Management:

  • Automatic collection and consolidation of log files from all types of infrastructure and applications for near real-time review and forensic analysis
  • Monitoring of individual file, folder and registry access, and any changes or deletions that may impact or contain log data key to financial reports
  • Cryptographic hashing of archived log data to protect its integrity
  • Automatic reporting on critical log file data access and related changes to all stakeholders
  • Monitoring and reporting on changes to key groups, such as Administrators, Account Operators, etc. that could lead to financial data tampering

WhatsUp Gold:

  • The WUG infrastructure monitoring platform monitors and maintains the health and availability of all systems that contribute to financial reporting. Rogue activity targeting your corporate network, for instance, is proactively prevented with this comprehensive "internal control system".

Requirements | Recommended WhatsUp Log Management Report

C.2 Risk Management and Internal Control
The board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives. The board should maintain sound risk management and internal control systems.

  • Computer Account Management
  • Directory Service Access Attempts
  • Logon Failures – Active Directory
  • Logon Failures – Local Logons
  • Object Access Attempts – Success/Failure
  • Object Deletions
  • Password Reset Attempts by Users
  • Password Reset Attempts by Administrators or Account Operators
  • Process (Program) Usage
  • User Activity in Auditing Categories
  • Successful Network Logons – Workstations and Servers
  • Policy Change – Success/Failure
  • Account Management – Success/Failure
  • Directory Service Access – Success/Failure
  • System Events – Success/Failure